Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tk-star Subscribe
Filtered by product Q90 Junior Gps Horloge
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-20470 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2021-07-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It performs actions based on certain SMS commands. This can be used to set up a voice communication channel from the watch to any telephone number, initiated by sending a specific SMS and using the default password, e.g., pw,<password>,call,<mobile_number> triggers an outbound call from the watch. The password is sometimes available because of CVE-2019-20471.
CVE-2019-20471 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2021-02-05 7.2 HIGH 7.8 HIGH
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. When using the device at initial setup, a default password is used (123456) for administrative purposes. There is no prompt to change this password. Note that this password can be used in combination with CVE-2019-20470.
CVE-2019-20468 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2021-02-05 7.5 HIGH 9.8 CRITICAL
An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS.
CVE-2019-20473 1 Tk-star 2 Q90 Junior Gps Horloge, Q90 Junior Gps Horloge Firmware 2021-02-05 4.6 MEDIUM 6.8 MEDIUM
An issue was discovered on TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a "Remove PIN and restart!" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device.